all posts in the 'Network Hacking' category


KrbGuess – Guess/Enumerate Kerberos User Accounts

KrbGuess is a small and simple tool which can be used during security testing to guess valid usernames against a Kerberos environment. It does this by studying the response from a TGT request to the KDC server. The tool works against Microsoft Active Directory, MIT and Heimdal Kerberos implementations. In addition [...]

Yokoso! – Web Infrastructure Fingerprinting & Delivery Tool

Yokoso! is a project focused on creating fingerprinting code that is deliverable through some form of client attack. This can be used during penetration tests that combine network and web applications. One of the most common questions we hear is “so what can you do with XSS?” and we hope that Yokoso! answers that question.

We [...]

Nikto 2.1.0 Released – Web Server Security Scanning Tool

It’s been almost 2 years since the last update on Nikto, which was version 2.
For those that don’t know, Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over [...]

Naptha – TCP State Exhaustion Vulnerability & Tool

The Naptha vulnerabilities are a class of denial-of-service vulnerabilities researched and documented by Bob Keyes of BindView’s RAZOR Security Team in 2000. The vulnerabilities exist in some implementations of the TCP protocol, specifically in the way some TCP implementations keep track of the state of TCP connections, and allow an attacker to exhaust the resources [...]

Deep Packet Inspection Engine Goes Open Source

This is great news, especially for open source tool developers. Deep packet inspection is an extremely niche area and requires great expertise (and a lot of R&D of course).
I hope a new project can spawn from this; it has many interesting applications. I think it’d be a good addition to Wireshark and IDS projects like [...]

VIPER Lab’s VAST Live Distro – VoIP Security Testing LiveCD

VAST is a VIPER Lab live distribution that contains VIPER developed tools such as UCsniff, VoipHopper, Videojak, videosnarf, ACE, Warvox, and more. Along with VIPER tools and other essential VoIP security tools, it also contains tools penetration testers utilize such as Metasploit, Nmap, Netcat, Hydra, Hping2 etc.

This distribution is a work in progress. If you [...]

Nat Probe – NAT Detection Tool

This little but very useful program tries to send ICMP packets out of the LAN and detects all the hosts that allow it. With this you can find bugs in your (company?) network (or others), for example hosts that allow p2p connections.
Explanation

When we use a Gateway, we send the packets with IP destination of the [...]

Haraldscan – BlueTooth Discovery Scanner

I thought a while ago about posting some stuff on Bluetooth hacking, but never got round to it. I have posted a couple of new articles on Bluetooth but haven’t yet posted any tools. So let’s start with Haraldscan – a Bluetooth discovery scanner.

The scanner will be able to determine Major and Minor device class of [...]

Cisco & Microsoft Patch TCP Stack DoS Exploit

A fairly serious flaw that was announced in October 2008 by Outpost24 (and apparently discovered way back in 2005), has finally been patched by the major players Cisco and Microsoft.
So far Redhat has offered a workaround for the flaw and Juniper has responded that their equipment is not vulnerable.
It could be that Juniper doesn’t [...]

Trafscrambler – Anti-sniffer/IDS Tool

Trafscrambler is an anti-sniffer/IDS LKM (Network Kernel Extension) for OSX, licensed under BSD.

Features

Injection of packets with bogus data and with randomly selected bad TCP cksum or bad TCP sequences
Userland binary (tsctrl) for controlling the trafscrambler NKE
SYN decoy – sends out a number of SYN pkts before the original SYN pkt
TCP reset attack – sends out RST/FIN pkt with bad [...]

Twitter Being Used As Botnet Command Channel

Ah, Twitter in the news again; the bad guys sure do keep up with new trends. After being taken offline for a while by a Joejob DDoS attack, Twitter is in the news again – this time it’s being used as the command channel for a Botnet.
The normal method for controlling Botnets is via an [...]

sslsniff v0.6 Released – SSL MITM Tool

This tool was originally written to demonstrate and exploit IE’s vulnerability to a specific “basicConstraints” man-in-the-middle attack. While Microsoft has since fixed the vulnerability that allowed leaf certificates to act as signing certificates, this tool is still occasionally useful for other purposes.
It is designed to MITM all SSL connections on a LAN and dynamically generates [...]

Xplico – Network Forensic Analysis Tool

The goal of Xplico is to extract from an internet traffic capture the application data it contains. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn’t a network protocol analyzer. Xplico is an open source Network Forensic [...]

FakeIKEd – Fake IKE Daemon Tool For MITM

FakeIKEd, or fiked for short, is a fake IKE daemon supporting just enough of the standards and Cisco extensions to attack commonly found insecure Cisco PSK+XAUTH VPN setups in what could be described as a semi MitM attack. Fiked can impersonate a VPN gateway’s IKE responder in order to capture XAUTH login credentials; it doesn’t [...]

Wireshark 1.2.1 Released – Network Protocol Analyzer

Wireshark is the world’s foremost network protocol analyzer, and is the de facto (and often de jure) standard across many industries and educational institutions.
Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998. Many of you will know it as Ethereal.

Features

Deep [...]

MultiISO LiveDVD v1.0 – BackTrack, Knoppix & Ophcrack

MultiISO LiveDVD is an integrated Live DVD technology which combines some of the very popular Live CD ISOs already available on the internet. It can be used for security reconnaissance, vulnerability identification, penetration testing, system rescue, media center and multimedia, system recovery, etc. It’s an all-in-one multipurpose LiveDVD. There’s something in it for [...]

Military Communications Hacking – Script Kiddy Style

Ah, now this is interesting... and scary in a way. Script Kiddies with guns!
Script kiddies going to war, or is it turning soldiers into script kiddies? Who knows.
Anyway, the US military has decided to make their soldiers walking hackers, with an all-in-one super hacking device that can penetrate satellite signals, VoIP networks and normal information systems.

As [...]

The Middler – User Session Cloning & MITM Tool

The Middler is a Man in the Middle tool to demonstrate protocol middling attacks. Led by Jay Beale, the project involves a team of authors including InGuardians agents Justin Searle and Matt Carpenter. The Middler is intended to man in the middle, or “middle” for short, every protocol for which we can create code.
In [...]

BackTrack 4 Pre Release Available For Download

You may remember back in February the BETA of BackTrack 4 was released for download; the team have made many changes and have now released BackTrack 4 Pre Release.

For those that don’t know BackTrack is the top rated linux live distribution focused on penetration testing. With no installation whatsoever, the analysis platform is started directly [...]

Slowloris – HTTP DoS Tool in PERL

This tool has been hitting the news, including some mentions in the SANS ISC Diary.
It’s not actually a new attack (it’s been around since 2005) but this is the first time a packaged tool has been released for the attack.

Slowloris holds connections open by sending partial HTTP requests. It continues to send subsequent headers at [...]

Acunetix Web Vulnerability Scanner (WVS) 6.5 Released

You may remember a while back we did a Review of Acunetix Web Vulnerability Scanner 6 – the very full featured web vulnerability scanning software.

Well the latest version has been released recently with some updates, bug fixes and improvements on the web application security front.
I’m hoping to try out the AcuSensor on a PHP install [...]

Honeysnap – Pcap Packet Capture File Parsing Tool

Honeysnap is designed to be a command-line tool for parsing single or multiple pcap data files and producing a ‘first-cut’ analysis report that identifies significant events within the processed data. This presents security analysts with a pre-prepared menu of high value network activity, aimed at focusing manual forensic analysis and saving significant incident investigation time. [...]

FTPXerox v1.0 – FTP File Transfer Sniffer

This is an old tool, but still useful. I saw someone asking for a tool to grab FTP files from the wire without using something like Wireshark, which brought me to this tool – FTPXerox.

FTPXerox grabs files that are transferred across the network using the FTP protocol. It was written to demonstrate the fact that [...]

WEPBuster – Wireless Security Assessment Tool – WEP Cracking

WEPBuster basically seems to be a toolkit that attempts to automate the tasks done by the various parts of the aircrack-ng suite.

The end goal of course is to crack the WEP key of a given Wireless network.
Features
The main part of this is the autonomous nature of the toolkit, it can crack all access points within [...]

WarVOX 1.0.1 Released – Telephony Analysis & War Dialing Suite

WarVOX is a suite of tools for exploring, classifying, and auditing telephone systems. Unlike normal wardialing tools, WarVOX works with the actual audio from each call and does not use a modem directly. This model allows WarVOX to find and classify a wide range of interesting lines, including modems, faxes, voice mail boxes, PBXs, loops, [...]

Technitium FREE MAC Address Changer v5 R2 Released for Windows

It’s been a while since the last update of Technitium back in June 2008; the latest release is v5 R2 with support for Windows 7 RC.
Technitium MAC Address Changer allows you to change the Media Access Control (MAC) Address of your Network Interface Card (NIC) irrespective of your NIC manufacturer or its driver. It has a [...]

DNS DDoS Attack Takes Down China Internet

The latest news is that a few million Chinese Internet users had trouble accessing any websites yesterday due to a DDoS attack on the DNS system of one of the country’s registrars.
It just shows that China has an inherently weak infrastructure if such a large portion of people can be disrupted with an attack to a [...]

Fiddler – Web Debugging Proxy For HTTP(S)

Recently I posted about Charles Web Debugging Proxy and quite a few people mentioned they had been using Fiddler.

Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect all HTTP(S) traffic, set breakpoints, and “fiddle” with incoming or outgoing data. Fiddler includes a [...]

OAT (OCS Assessment Tool) – Office Communication Server Security Assessment Tool

OAT is an Open Source Security tool designed to check the password strength of Microsoft Office Communication Server users. After a password is compromised, OAT demonstrates potential UC attacks that can be performed by legitimate users if proper security controls are not in place.

Features

Online Dictionary Attack
Presence Stealing
Contact List Stealing
Single User Flood Mode (Internal)
Domain Flood Mode [...]

Charles Web Debugging Proxy – HTTP Monitor & Reverse Proxy

Charles is an HTTP proxy / HTTP monitor / Reverse Proxy that enables a developer to view all of the HTTP traffic between their machine and the Internet. This includes requests, responses and the HTTP headers (which contain the cookies and caching information).

Charles can act as a man-in-the-middle for HTTP/SSL communication, enabling you to debug [...]

Interceptor – Wireless Wired Network Tap (Fon+)

The Interceptor is a wireless wired network tap. Basically, a network tap is a way to listen in to network traffic as it flows past. Most tools are designed to pass a copy of the traffic onto a specified wired interface which is then plugged into a machine to allow a user to monitor the [...]

Webtunnel 0.0.5 Released – HTTP Encapsulation and Tunnel Tool

Webtunnel is a network utility that encapsulates arbitrary data in HTTP and transmits it through a web server.

In that regard, it is similar to httptunnel, however, it has several key important differences: its server component runs in the context of a web server as a CGI application (with optional FastCGI support) so it does not [...]

UCSniff – VoIP/IP Video Sniffing Tool

UCSniff is an exciting new VoIP Security Assessment tool that leverages existing open source software into several useful features, allowing VoIP owners and security professionals to rapidly test for the threat of unauthorized VoIP and Video Eavesdropping. Written in C, and initially released for Linux systems, the software is freely available for anyone to download, [...]

ProxyStrike v2.1 Released – Active Web Application Proxy Tool

In April last year we wrote about ProxyStrike; recently the developer has released a couple of new versions – the latest being v2.1.
ProxyStrike is an active Web Application Proxy, a tool designed to find vulnerabilities while browsing an application. It was created because of the problems we faced in the pentests of web applications that [...]

Webshag 1.10 Released – Free Web Server Audit Tool

Webshag is a multi-threaded, multi-platform web server audit tool. Written in Python, it gathers commonly useful functionalities for web server auditing like website crawling, URL scanning or file fuzzing.
You may remember back in March 2008 we published about Webshag 1.00 being released. Now Webshag 1.10 has been released! This new version provides several feature enhancements [...]

dnsmap 0.22 Released – Subdomain Bruteforcing Tool

dnsmap is a subdomain bruteforcer for stealth enumeration, you could say something similar to Reverse Raider or DNSenum.
Originally released in 2006, dnsmap is mainly meant to be used by pentesters during the information gathering/enumeration phase of infrastructure security assessments. During the enumeration stage, the security consultant would typically discover the target company’s IP netblocks, domain [...]

WarVOX – Wardialing Tool Suite (Explore, Classify & Audit Telephone Systems)

WarVOX is a suite of tools for exploring, classifying, and auditing telephone systems. Unlike normal wardialing tools, WarVOX works with the actual audio from each call and does not use a modem directly. This model allows WarVOX to find and classify a wide range of interesting lines, including modems, faxes, voice mail boxes, PBXs, loops, [...]

VideoJak – IP Video Security Assessment Tool

What is VideoJak?
VideoJak is an IP Video security assessment tool that can simulate a proof of concept DoS against a targeted, user-selected video session and IP video phone. VideoJak is the first-of-its-kind security tool that analyzes video codec standards such as H.264.
VideoJak works by first capturing the RTP port used in a [...]

Medusa v1.5 Released – Parallel, Modular Login Brute Forcing Tool

Finally an update to Medusa! Version 1.5 of Medusa is now available for public download. Medusa 1.4 was released quite some time back in November 2007 and before that Medusa 1.3 showed up November 2006.
You would have thought version 1.5 would have been released in November 2008! Looks like they missed by a few months.

What [...]

SSLstrip – HTTPS Stripping Attack Tool

This tool provides a demonstration of the HTTPS stripping attacks that were presented at Black Hat DC 2009. It will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, then map those links into either look-alike HTTP links or homograph-similar HTTPS links. It also supports modes for supplying a favicon which [...]

Hackers Targeting Xbox Live Players with DoS Attacks

Well the day has come when money-minded botnet owners have turned their services towards online gaming. For a small fee (USD20) you can get someone to set you up with the software to ‘boot’ people from the Xbox Live network.
It’s always been a problem in gaming: if someone can get hold of your IP address [...]

BackTrack BETA 4 Released for Public Download

The Remote Exploit Development Team is happy to announce the release of BackTrack 4 Beta. In this latest version of BackTrack 4 there have been some conceptual changes and some new and exciting features. The most significant of these changes is the expansion from the realm of a Pentesting LiveCD towards a full blown “Distribution”.
Now [...]

Webtunnel 0.0.2 – HTTP Encapsulation and Tunnel Tool

Webtunnel is a network utility that encapsulates arbitrary data in HTTP and transmits it through a web server. In that regard, it is similar to httptunnel, however, it has several key important differences: its server component runs in the context of a web server as a CGI application (with optional FastCGI support) so it does [...]

Cisco Enterprise Wireless (Wi-Fi) Equipment DoS Vulnerability Discovered

If your organisation is using any kind of Cisco Wi-Fi kit it may be time to get the latest patches for your kit. Although they state there is no proof that hackers have used this attack in the wild – in my experience if Cisco have discovered this now, someone else probably knew about it [...]

FlowMatrix – Free Network Behavior Analysis System

FlowMatrix is a Network Anomaly Detection and Network Behavioral Analysis (NBA) System which, in fully automatic mode, constantly monitors your network using NetFlow records from your routers and other network devices in order to identify relevant anomalous security and network events.
In addition, the new release of FlowMatrix (ver. 0.9.62 and later) supports Network Applications Behavior Analysis. This [...]

Complemento v0.6 – LetDown TCP Flooder, ReverseRaider Subdomain Scanner & Httsquash HTTP Server Scanner Tool

We first wrote about Complemento 0.4b a little while ago when it first hit the public domain just last month (December 2008).
Now there have been 2 major updated versions, the latest being 0.6.
What is Complemento?
Complemento is a collection of tools that the author originally created for his own personal toolchain for solving some problems or [...]

Kyrgyzstan Taken Offline by DDoS Attacks

Isn’t it amazing that in this day and age an entire country can be knocked offline by Denial of Service attacks! You’d have thought it wouldn’t happen any more.
I do remember the days when it was fairly easy to take one of the smaller ISPs out in the UK, so I guess the infrastructure of some developing [...]

Acunetix Web Vulnerability Scanner 6 Review

As you might know if you’ve been reading for some time, I do occasionally review commercial software if it’s interesting and relevant – the last one I remember doing was back in 2007, “Outpost Security Suite PRO Review”.
This time it’s for a much more relevant piece of software IMHO, and one which I actually like [...]

Cisco Vulnerability Given ‘Write Once, Run Anywhere’ Treatment

This is an interesting development in router security, Cisco bugs have been popping up now and then – not that often – but usually when they do they are quite serious.
The problem with them was you needed so many variations unless you were just targeting one specific router, with that specific version of IOS and [...]

Burp Suite v1.2 Released – Web Application Security Testing & Attack Platform

Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, persistence, authentication, downstream proxies, logging, alerting and extensibility.
Burp Suite [...]

Complemento v0.4b – LetDown TCP Flooder, ReverseRaider Subdomain Scanner & Httsquash HTTP Server Scanner Tool

An interesting collection of tools for pen-testing including a DoS tool (something you don’t often see publicly released).
Complemento is a collection of tools that the author originally created for his own personal toolchain for solving some problems or just for fun. Now he has decided to release it to the public.
The Tools

LetDown is a TCP [...]

ike-scan – IPsec VPN Scanning, Fingerprinting and Testing Tool

ike-scan is a command-line tool for discovering, fingerprinting and testing IPsec VPN systems. It constructs and sends IKE Phase-1 packets to the specified hosts, and displays any responses that are received.

ike-scan allows you to:

Send IKE packets to any number of destination hosts, using a configurable output bandwidth or packet rate. (This is useful for VPN [...]

SARA – Security Auditor’s Research Assistant – Network Analysis Tool

This tool has been around for a LONG time in some form or another; some of you old-skool guys may remember a package called SATAN, which was the best semi-automatic security analysis tool around back then. From SATAN and its development came SARA, which is now in its 3rd generation.

Advanced Research’s philosophy relies heavily on [...]

p0f – Advanced Passive OS Fingerprinting Tool

Ah, I can’t believe I haven’t posted about this one before, one of my favourite tools! It was a big breakthrough to have a passive OS-fingerprinting tool after relying on Nmap and Xprobe2 for the longest time.
OS fingerprinting is a very important part of a pen-test during the information gathering stage.
P0f v2 is a versatile passive [...]

NetStumbler – Windows Freeware to Detect Insecure Wireless Networks

Another one from the old school: this tool has been around forever, since way before wardriving was fashionable and when people still used Pringles cans for antenna boosting.
It’s a favourite amongst Windows users; although it can’t do any real hacking (like breaking a WEP key), it’s extremely fast and efficient in the detection of [...]

fwknop – Port Knocking Tool with Single Packet Authorization

Port Knocking came about in around 2003, but it has various weaknesses. There are plenty of implementations though (some quite advanced). Most of the problems are fixed, however, by fwknop!
fwknop stands for the “FireWall KNock OPerator”, and implements an authorization scheme called Single Packet Authorization (SPA). This method of authorization is based around a default-drop [...]

Superscan v4.0 – Fast TCP & UDP Port Scanner for Windows

This is another tool that has been around for a long time and I’ve been using it for years since its earliest versions; oddly, however, I’ve never posted about it.
So here it is for the few of you that haven’t heard of it: probably the best port scanner on the Windows platform, very fast and compact [...]

dnsscan – DNS Open Recursive Resolver Scanner/Scanning Tool

Dnsscan is a tool for fingerprinting open recursive resolvers. It runs in conjunction with a small server that knows how to reply to queries forwarded from probed resolvers. For example, assume that you have delegated osd.example.org:
osd.example.org. 900 IN [...]

ohrwurm – RTP Fuzzing Tool (SIP Phones)

ohrwurm is a small and simple RTP fuzzer; it has been tested on a small number of SIP phones, none of which withstood the fuzzing.

Features:

reads SIP messages to get information of the RTP port numbers
reading SIP can be omitted by providing the RTP port numbers, so that any RTP traffic can be fuzzed
RTCP traffic [...]

psad – Intrusion Detection and Log Analysis with iptables

psad is a collection of three lightweight system daemons (two main daemons and one helper daemon) that run on Linux machines and analyze iptables log messages to detect port scans and other suspicious traffic. A typical deployment is to run psad on the iptables firewall where it has the fastest access to log data.
psad [...]

PorkBind v1.3 – Nameserver (DNS) Security Scanner

This program retrieves version information for the nameservers of a domain and produces a report that describes possible vulnerabilities of each.
Vulnerability information is configurable through a configuration file; the default is porkbind.conf. Each nameserver is tested for recursive queries and zone transfers. The code is parallelized with libpthread.

Changes for v1.3

Wrote in-a-bind shell script that [...]

reDuh – TCP Redirection over HTTP

What Does reDuh Do?
reDuh is actually a tool that can be used to create a TCP circuit through validly formed HTTP requests.
Essentially this means that if we can upload a JSP/PHP/ASP page on a server, we can connect to hosts behind that server trivially.

What is it for?
a) Bob.Hacker has the ability to upload / create [...]

onesixtyone 0.3.2 – An Efficient SNMP Scanner

The SNMP protocol is a stateless, datagram oriented protocol. An SNMP scanner is a program that sends SNMP requests to multiple IP addresses, trying different community strings and waiting for a reply. Unfortunately SNMP servers don’t respond to requests with invalid community strings and the underlying UDP protocol does not reliably report closed UDP ports. [...]

XTest – VoIP Infrastructure Security Testing Tool

What is XTest?
XTest is a simple, practical, and free, wired 802.1x supplicant security tool implementing the RFC 3847 EAP-MD5 Authentication method. It can be used to assess the password strength within wired ethernet environments that rely on 802.1x to protect IP Phones and the VoIP Infrastructure against rogue PC access. XTest is developed in C [...]

OpenVAS – Open Vulnerability Assessment System (Nessus is Back!)

As you all probably know, since version 3 Nessus turned to a proprietary model and started charging for the latest plugins, locking most of us out. Now we finally have a new, properly organised forked development with the name of OpenVAS – at last a decent and free Vulnerability Scanner!
OpenVAS stands for Open Vulnerability Assessment [...]

raWPacket HeX – Network Security Monitoring & Analysis LiveCD

HeX is a project aimed at the NSM (Network Security Monitoring) community for use by network security analysts. The developers believe that simplicity and analysis work flow logic must be enhanced and emphasized throughout the process of designing this liveCD. Not only have they carefully chosen all the necessary applications and tools to be included [...]

HD Moore’s Company BreakingPoint Suffers DNS Attack

It’s somewhat ironic that shortly after the Kaminsky DNS bug went wild and almost immediately got ported into Metasploit that it was then used to attack HD Moore’s very own company BreakingPoint.
It happened just a couple of days ago; it doesn’t seem to have been a targeted attack though, more like mass spammers/scammers leveraging [...]

SIPcrack – SIP Login Dumper & Hash/Password Cracker

SIPcrack is a suite for sniffing and cracking the digest authentication used in the SIP protocol.
The tools offer support for pcap files, wordlists and many more to extract all needed information and bruteforce the passwords for the sniffed accounts.

If you don’t have OpenSSL installed or encounter any building problems try ‘make no-openssl’ to build with [...]

Exploit for Kaminsky DNS Bug Goes Wild

There has been a lot of hype about this one, but this flaw is a real threat and the working exploits are now available in the wild.
To top that, they have already been ported into Metasploit!
I hope all the major ISPs are in a patching frenzy right now and not thinking to themselves that there [...]

San Francisco Mayor Regains Control of the Network

In the story we recently covered where Terry Childs had locked San Francisco officials out of their own network, there is a new development.
He’s handed over the passcode to the Mayor, Gavin Newsom. It seems he came to his senses and he also seems to have VERY little faith in the IT administration for the [...]

San Francisco Officials Locked Out of Their Own Network

Another disgruntled IT worker causing mayhem; remember the guy that destroyed all the medical records?
He got a pretty hefty sentence; now we have another who has locked everyone out of the new ‘state of the art’ computer network in San Francisco – he’s on $5 million bail so I’d say he’s in big [...]

Zodiac – DNS Protocol Monitoring and Spoofing Tool

Zodiac is a DNS protocol analysis and exploitation program. It is a robust tool to explore the DNS protocol. Internally it contains advanced DNS routines for DNS packet construction and disassembly and is the optimal tool if you just want to try something out without undergoing the hassle of rewriting DNS packet routines or packet [...]

FWAuto v1.1 – Firewall Auditing & Ruleset Analyzer Tool

FWAuto (Firewall Rulebase Automation) is a Perl script and should work on any system with Perl installed. Provide the running config of a PIX firewall to fwauto. It will analyze and give you a list of weak rules in your rule base and store the result in multiple output files.

Maybe there have been times when [...]

DNSenum – Domain Information Gathering Tool

The first stage of penetration testing is usually passive information gathering and enumeration (active information gathering). This is where tools like dnsenum come in; the purpose of DNSenum is to gather as much information as possible about a domain.

The program currently performs the following operations:

Get the host’s address (A record).
Get the nameservers (threaded).

Get the MX [...]

PAW/PAWS – Python Advanced Wardialing System

Now this is an oldskool topic, wardialling! Some people still ask me about wardialling tools though, so here’s one I found recently, written in Python.
PAW/PAWS is wardialing software written in Python. It is designed to scan for ISDN (PAWS only) and “modern” analog modems (running at 9.6kbit/s or higher). Wardialing tools are – [...]

Technitium FREE MAC Address Changer v5 Released

Technitium MAC Address Changer allows you to change the Media Access Control (MAC) Address of your Network Interface Card (NIC) irrespective of your NIC manufacturer or its driver. It has a very simple user interface and provides ample information regarding each NIC in the machine. Every NIC has a MAC address hard coded in its circuit [...]

ArpON – ARP Handler Detect and Block ARP Poisoning/Spoofing

ArpON (Arp handler inspectiON) is a portable handler daemon with some nice tools to handle all ARP aspects. It has a lot of features and it makes ARP a bit safer. This is possible using two kinds of anti ARP Poisoning techniques: the first is based on SARPI or “Static ARP Inspection”, the second on [...]

SIPVicious v0.2.3 – VoIP/SIP Auditing Toolkit

SIPVicious suite is a set of tools that can be used to audit SIP based VoIP systems. It currently consists of four tools:

svmap – this is a SIP scanner. Lists SIP devices found on an IP range
svwar – identifies active extensions on a PBX
svcrack – an online password cracker for SIP PBX
svreport – manages sessions [...]

OSWA Assistant – Wireless Hacking & Auditing LiveCD Toolkit

The OSWA-Assistant is a no-Operating-System-required standalone toolkit which is solely focused on wireless auditing. As a result, in addition to the usual WiFi (802.11) auditing tools, it also covers Bluetooth and RFID auditing. Using the toolkit is as easy as popping it into your computer’s CDROM and making your computer boot from it!

This toolkit is [...]

Metasploit Site Hijacked by ARP Poisoning Attack

Crackers briefly hijacked hacking tools website Metasploit.com on Monday.
Metasploit is an advanced open-source exploit development platform used by most pen-testers. A tool we often mention here on Darknet.
On Monday the site was redirected to a page announcing the site was “hacked by sunwear ! just for fun”, as recorded by Sunbelt Software.

Unidentified miscreants used an [...]

Angry IP Scanner – Cross Platform Port Scanner

Angry IP scanner is a very fast IP address and port scanner.
It can scan IP addresses in any range as well as any of their ports. It is cross-platform and lightweight. Not requiring any installation, it can be freely copied and used anywhere.

Angry IP scanner simply pings each IP address to check if it’s alive, then [...]

Sipflanker – Locate SIP (VoIP) Device Web Interfaces

SIP devices are getting to be very common now, especially with open source bundled OS offerings like Trixbox making it easy to set up your own digital or IP-PBX.

Along with the frequent installations, many (if not most) VoIP devices have available a Web GUI for their configuration, management, and report generation. These Web GUIs are often [...]

thc-Amap – Application Protocol Detection & Fingerprinting

thc-Amap (Application MAPper) is another excellent tool more towards banner grabbing and protocol detection than OS-fingerprinting. But from the services running on a machine you can get a good idea of the OS and the purpose of the server.
Amap is a next-generation scanning tool for pentesters. It attempts to identify applications even if they are [...]

Xprobe2 – Active OS Fingerprinting Tool

Sometimes I wonder to myself whether I have mentioned a certain tool on the site, usually one of my favourites…often I search the site to find I have never posted about it.
It just goes to show how we often overlook some of the more ‘obvious’ choices, and to many people they may not be that obvious. [...]

rtpbreak 1.3a Released – RTP Analysis and Hacking

rtpbreak 1.3a has been released, we initially brought you news of this tool back in August 2007 with the first announcement of rtpbreak.

With rtpbreak you can detect, reconstruct and analyze any RTP session. It doesn’t require the presence of RTCP packets and works independently from the signaling protocol used (SIP, H.323, SCCP etc). The input [...]

CDPSnarf – CDP Packet Sniffer

CDPSnarf is a network sniffer exclusively written to extract information from CDP packets. It provides all the information a “show cdp neighbors detail” command would return on a Cisco router and even more.
The application is written in C using the popular PCAP library.

Sample Output
Cisco AIR-AP1231G-E-K9 Access Point:

$ sudo ./cdpsnarf eth2
Waiting for a CDP packet…

[#0] Sniffed [...]

ProxyStrike – Active Web Application Proxy

ProxyStrike is an active Web Application Proxy, a tool designed to find vulnerabilities while browsing an application. It was created because of the problems faced in pentests of web applications that depend heavily on JavaScript; not many web scanners handle this stage well, so ProxyStrike was born.
Right now it has available SQL [...]

Wireshark v1.0.0 Released – Cross Platform Graphical Packet Sniffer

After nearly 10 years of development Wireshark (formerly known as Ethereal) has finally reached version 1!
For those that don’t know, Wireshark is the world’s foremost network protocol analyzer, and is the de facto (and often de jure) standard across many industries and educational institutions.
Wireshark development thrives thanks to the contributions of networking experts across the [...]

httprecon – Advanced Web Server Fingerprinting

httprecon is a tool for advanced web server fingerprinting, similar to httprint that we mentioned previously.
The httprecon project is doing some research in the field of web server fingerprinting, also known as http fingerprinting. The goal is the highly accurate identification of given httpd implementations. This is very important within professional vulnerability analysis.
Besides the discussion [...]

Nipper 0.11.5 Released – Network Device Configuration Security Auditing Tool

Nipper performs security audits of network device configuration files. The report produced by Nipper includes: detailed security-related issues with recommendations, a configuration report and various appendices. Nipper has a large number of configuration options which are described on this page.

Nipper currently supports the following device types:

Cisco Switches (IOS)
Cisco Routers (IOS)
Cisco Firewalls [...]

Ferret Version 1.1 – Data Seepage Detection Tool

Ferret works on the concept of “data seepage”: bits of benign data that people willingly broadcast to the world (as opposed to “leakage”, which is data people want to hide from the world).

Examples of data seepage are what happens when you power-on your computer. It will broadcast to the world the list of WiFi access-points [...]

Burp Suite v1.1 Available for Download

One of our all-time favourite tools for attacking web applications has been updated! Burp Suite has now reached version 1.1! This is a major release – not a minor upgrade.
Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate [...]

NetworkMiner – Passive Sniffer & Packet Analysis Tool for Windows

NetworkMiner is a passive network sniffer/packet capturing tool for Windows with an easy to use interface. It can detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis.
NetworkMiner makes use of OS fingerprinting databases from both p0f (by Michal Zalewski) and [...]

Nessconnect 1.0.1 Released – GUI, CLI & API Client for Nessus

Nessconnect is an open-source software package that can connect to a Nessus or Nessus compatible server and provides an advanced graphical user interface. It also provides a command line interface, and an application programming interface in Java. Users can create custom scan profiles, generate extensive reports, and perform differential scans and analysis. Nessconnect was previously [...]

Kismet – Wireless Network Hacking, Sniffing & Monitoring

For some reason I’ve never posted about Kismet, and I don’t like to assume everyone knows everything. So for those who may not have heard of it, here’s Kismet.
Kismet is one of the foundation tools of wireless hacking, it’s very mature and does what it’s supposed to do.
Kismet is an 802.11 layer2 wireless network detector, sniffer, and [...]

argus – Auditing Network Activity – Performance & Status Monitoring

Another tool for the security side, good for forensics, monitoring and auditing.
Argus is a fixed-model Real Time Flow Monitor designed to track and report on the status and performance of all network transactions seen in a data network traffic stream. Argus provides a common data format for reporting flow metrics such as connectivity, capacity, demand, [...]

VoIP Hopper – VLAN Hopping Tool

VoIP Hopper is a GPLv3 licensed security tool, written in C, that rapidly runs a VLAN Hop into the Voice VLAN on specific Ethernet switches. VoIP Hopper does this by mimicking the behavior of an IP Phone, in both Cisco and Avaya IP Phone environments.
In Cisco IP Phone networks, it first dissects either [...]

Unicornscan v0.4.7 Released for Download – Fast Port Scanner

Unicornscan has always been a favourite of mine, especially for UDP scanning and scanning large networks (and getting it done fast).
Unicornscan is a new information gathering and correlation engine built for and by members of the security research and testing communities. It was designed to provide an engine that is Scalable, Accurate, Flexible, and Efficient. [...]

Pcapy – Python Interface to LibPcap

Pcapy is a Python extension module that interfaces with the libpcap packet capture library. Pcapy enables Python scripts to capture packets on the network. Pcapy is highly effective when used in conjunction with a packet-handling package such as Impacket, which is a collection of Python classes for constructing and dissecting network packets.
Advantages of Pcapy

Works with [...]

DNS Poisoning Getting Serious – Phishing from Open Recursive DNS Servers

A new generation of phishing attacks is being studied jointly by Google and Georgia Institute of Technology, it seems the bad guys are getting some smarter ideas.
They are using Open Recursive DNS servers to poison DNS queries and return false information, thus luring consumers to even more realistic phishing domains.

Researchers at Google and the Georgia [...]

Nmap Port Scanner 4.50 Released for Download

At last a new major release of Nmap!
If for some odd reason you don’t already know what Nmap is, it is a free and open source utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host [...]

scanrand – Download Stateless TCP Scanner with Syn Cookies

Scanrand is an extremely quick and effective port scanner. It works by forking two distinct processes:

One to send the initial queries
One to receive responses and reconcile them from the above

This makes it extremely fast.
If you haven’t heard of the suite, Scanrand is one of the five tools in Paketto Keiretsu by Dan “Effugas” Kaminsky [...]

Technitium FREE MAC Address Changer v4.7 – Released for Download

The newest version of Technitium MAC Address Changer was released a while back, v4.7. There are some minor changes and it’s looking to be pretty polished for a free tool.
Of course some might say “It’s just a registry entry? What’s the big deal?” Well this just makes it easier, especially when you are doing audits [...]

fwtest – Firewall Testing Toolkit

The firewall test suite fwtest is a security auditing tool made up of two parts: the test control application fwtest and optionally one or two helper processes named fwagent. The test control application fwtest starts up the Python interpreter with the given test script. The test script controls the packet data flow between two virtual [...]

Chaosreader – Trace TCP/UDP Sessions from tcpdump

A freeware tool to trace TCP/UDP sessions and fetch application data from snoop or tcpdump logs. This is a type of “any-snarf” program, as it will fetch telnet sessions, FTP files, HTTP transfers (HTML, GIF, JPEG), SMTP emails and so on from the captured data inside network traffic logs.
Similar to tcpflow which we mentioned recently.
A [...]

tcpflow – TCP Flow Recorder for Protocol Analysis and Debugging

tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis or debugging. A program like ‘tcpdump’ shows a summary of packets seen on the wire, but usually doesn’t store the data that’s actually being transmitted. In contrast, tcpflow [...]

WifiZoo v1.2 – Gather Wifi Information Passively

WifiZoo is a tool to gather wifi information passively. Similar to dsniff but for wireless work, the author wanted to do something wifi-related somewhat helpful in wifi pentesting. Something of an extension of Ferret from Errata.
It’s essentially a tool to get information from open wifi networks without joining any network, and covering all wifi [...]

httprint v301 – Web Server Fingerprinting Tool – Download

I was looking through my toolbox to see what else is useful and I came across this one, httprint – the only caveat is that it’s a little out of date. It still does a good job though.
httprint is a web server fingerprinting tool.
It relies on web server characteristics to accurately identify web servers, despite [...]

LORCON (Loss Of Radio CONnectivity) 802.11 Packet Library

The LORCON packet injection library provides a high level interface to transmit IEEE 802.11 packets onto a wireless medium. Written for Linux systems, this architecture simplifies the development of 802.11 packet injection through an abstraction layer, making the development of auditing and assessment tools driver-independent.
Using LORCON, developers can write tools that inject packets onto [...]

IPAudit – Network Activity Monitor with Web Interface

IPAudit monitors network activity on a network by host, protocol and port. It listens to a network device in promiscuous mode, and records every connection between two IP addresses. A unique connection is determined by the IP addresses of the two machines, the protocol used between them, and the port numbers (if they are communicating [...]

PIRANA – Exploitation Framework for Email Content Filters

PIRANA is an exploitation framework that tests the security of an email content filter. By means of a vulnerability database, the content filter to be tested will be bombarded by various emails containing a malicious payload intended to compromise the computing platform.
PIRANA’s goal is to test whether or not any vulnerability exists on the content [...]

rtpBreak – RTP Analysis & Hacking Tool

rtpBreak detects, reconstructs and analyzes any RTP [rfc1889] session through heuristics over the UDP network traffic. It works well with SIP, H.323, SCCP and any other signaling protocol. In particular, it doesn’t require the presence of RTCP packets (voipong needs them) that aren’t always transmitted from the recent VoIP clients.
The RTP sessions are composed by [...]

LLDP – Link Layer Discovery Protocol Fuzzer

The first Link Layer Discovery Protocol Fuzzer is now available, test cases are also ready to be used along with the tool. The fuzzing architecture makes it easy to extend the tool with new test cases as more LLDP-compliant devices arise.
LLDP is a Layer 2 protocol which allows network devices to advertise their identity [...]

TimeWarner DNS Hijacking IRC Servers to Stop DDoS Attacks

An interesting happening this week, some ISPs have been jacking the DNS entries for certain IRC networks to crack down on zombie/bot infections.
Is it ethical? Should they be doing this to their users?
I first got wind of this from a post on Full Disclosure mailing list from an IRC network administrator.
You can read that e-mail [...]

Dr. Morena – Firewall Configuration Testing Tool

Dr.Morena is a tool to confirm the rule configuration of a Firewall.
The configuration of a Firewall is done by combining more than one rule. Sometimes a rule configuration may reside in a place other than the basic rule configuration place. In such a case, it is difficult to confirm whether it is an intended configuration [...]

FTester – Firewall Tester and IDS Testing tool

The Firewall Tester (FTester) is a tool designed for testing firewalls’ filtering policies and Intrusion Detection System (IDS) capabilities.
The tool consists of two Perl scripts, a packet injector (ftest) and the listening sniffer (ftestd). The first script injects custom packets, defined in ftest.conf, with a signature in the data part while the sniffer listens for [...]

Proxmon – Proxy Log Monitoring Tool

ProxMon is an extensible Python based framework that reduces testing effort, improves consistency and reduces errors. Its use requires limited additional effort as it processes the proxy logs that you’re already generating and reports discovered issues. In addition to penetration testing, ProxMon is useful in QA, developer testing and regression testing scenarios.
Formerly announced as ScarabMon [...]

tcpxtract – Extract Files from Network Traffic AKA Carving

tcpxtract is a tool for extracting files from network traffic based on file signatures. Extracting files based on file type headers and footers (sometimes called “carving”) is an age old data recovery technique. Tools like Foremost employ this technique to recover files from arbitrary data streams. tcpxtract uses this technique specifically for the application of [...]

ProxyFuzz – MITM Network Fuzzer in Python

ProxyFuzz is a man-in-the-middle non-deterministic network fuzzer written in Python. ProxyFuzz randomly changes (fuzzes) contents on the network traffic. It supports TCP and UDP protocols and can also be configured to fuzz only one side of the communication. ProxyFuzz is protocol agnostic so it can randomly fuzz any network communication.

ProxyFuzz is a good tool for [...]

Fake NetBIOS Tool – Simulate Windows Hosts

Some cool free tools made by folks from the French Honeynet Project.
FakeNetBIOS is a family of tools designed to simulate Windows hosts on a LAN. The individual tools are:

FakeNetbiosDGM (NetBIOS Datagram)
FakeNetbiosNS (NetBIOS Name Service)

Each tool can be used as a standalone tool or as a honeyd responder or subsystem.
FakeNetbiosDGM sends NetBIOS Datagram service packets on [...]

Trinity Rescue Kit – Free Recovery and Repair for Windows

Trinity Rescue Kit or TRK is a free live Linux distribution that aims specifically at recovery and repair operations on Windows machines, but is equally usable for Linux recovery issues.
It is possible to boot TRK in three different ways:

As a bootable CD which you can burn yourself from a downloadable isofile
From a USB stick/disk (optionally [...]

Netstat Revealed!

Another video in 2-3 days… I think this is becoming like a mania for me… Anyway in this video I played around with netstat so that those who do not play with it could see the possibilities it offers to us… no more tutorials like:

netstat -a
to view all your connections
the end

… because I have [...]

stealth techniques – syn

Or the half-open scanning technique, the first of a three-part series to come about stealth scanning… The other two are the Xmas/Fin/Null and idle/zombie scan techniques…
Intro
This is a series of three articles to come about stealth scanning, everything that I am going to present is hping oriented so if you want to learn these techniques you’d better [...]

Sguil – Intuitive GUI for Network Security Monitoring with Snort

Sguil (pronounced sgweel) is probably best described as an aggregation system for network security monitoring tools. It ties your IDS alerts into a database of TCP/IP sessions, full content packet logs and other information. When you’ve identified an alert that needs more investigation, the sguil client provides you with seamless access to the data you [...]

Technitium Free MAC Address Changer v4.5 Released

Technitium MAC Address Changer v4.5 has been released.
Technitium MAC Address Changer allows you to change the Media Access Control (MAC) Address of your Network Interface Card (NIC) irrespective of your NIC manufacturer or its driver. It has a very simple user interface and provides ample information regarding each NIC in the machine. Every NIC [...]

Foundstone Blast – TCP Network Service Stress Test Tool

Foundstone Blast v2.0 is a small, quick TCP service stress test tool. Blast does a good amount of work very quickly and can help spot potential weaknesses in your network servers.
Features:
/trial switch adds the ability to see how the buffer looks before sending it
/v switch adds verbose option – off by default
/nr switch turns off [...]

Nemesis – Packet Injection Suite

Nemesis is a command-line network packet crafting and injection utility for UNIX-like and Windows systems. Nemesis is well suited for testing Network Intrusion Detection Systems, firewalls, IP stacks and a variety of other tasks. As a command-line driven utility, Nemesis is perfect for automation and scripting.

Nemesis can natively craft and inject packets for:

ARP
DNS
ETHERNET
ICMP
IGMP
IP
OSPF
RIP
TCP
UDP

Using the IP [...]

Cisco IOS FTP Backdoor Ripe for Hackers

Another flaw in Cisco’s IOS, this time a problem with FTP, the mechanism used to update the firmware on Cisco devices (routers & switches mostly).
You really don’t want someone playing around with your configuration files on your router do you?

IOS FTP, which comes disabled by default in IOS, is used to upload IOS software images [...]

ISIC – IP Stack Integrity & Stability Checker

ISIC is a suite of utilities to exercise the stability of an IP Stack and its component stacks (TCP, UDP, ICMP et al.). It generates piles of pseudo random packets of the target protocol. The packets can be given tendencies to conform to, i.e. 50% of the packets generated can have IP Options. 25% of the [...]

VoIP Security Testing Tools List from VoIPSA

The VoIP Security Alliance (VOIPSA) is pleased to announce the public release of its VoIP security tool list. Check it out at:
http://www.voipsa.org/Resources/tools.php
This VoIP Security Tool List provides categories, descriptions and links to current free and commercial VoIP security tools.

This list was developed to address the current void of VoIP security testing resources and sites, [...]

Scapy – Interactive Network Packet Manipulation

What is Scapy?
Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery [...]

LLTD – Link Layer Topology Discovery Protocol

Gomor released an LLTD (Link Layer Topology Discovery Protocol) implementation written in Perl (using the Net::Frame framework).
You may use these two modules to write fuzzers, or anything.

You can find the modules here:

Net Frame LLTD

DNS Brute Force eXtract – WS-DNS-BFX

There is another option for DNS Brute Forcing which uses threads, so may be faster than TXDNS 2.0 which we posted about recently.
What does it do?
This program was written to extract valid hosts of a domain that deny zone transfers.
The program supports:

IPv4 => IP Address of [...]

JBroFuzz 0.5 from OWASP – Stateless Network Protocol Fuzzer

OWASP JBroFuzz is a stateless network protocol fuzzer that emerged from the needs of penetration testing. Written in Java, it allows for the identification of certain classes of security vulnerabilities, by means of creating malformed data and having the network protocol in question consume the data.
The purpose of this application is to provide a single, [...]

Hackers Attack Root Servers and Slow Internet Key Traffic

Well at least it shows the Internet is not very susceptible to such attacks due to its distributed nature, even if the root nameservers are down, the DNS system still functions.
This was a pretty heavy attack though and the most significant in the past 5 years or so, someone testing their ego I guess.
I CAN [...]

ADN – Win32 Active Directory Navigator

ADN – Active Directory Navigator is a little tool to visually explore an Active Directory and perform a simple dictionary attack against users’ passwords.
You can download the tool here:

ADN – Active Directory Navigator
MD5 4a1e3bb33a25d91d7d7a70877f8374ef
SHA1 a0bf80e9426835b88cc6604784d2d949efe5645f
Notes: It requires .NET framework and PCSoft framework

PReplay – A pcap Network Traffic Replay Tool for Windows

There are not many good tools for replaying traffic, most people use Wireshark (formerly known as Ethereal) for capturing the traffic, but what happens if you want to take that capture and replay it over the wire?
Someone had this problem so they decided to code their own solution, thankfully for us! There are quite a [...]

ADTool – Active Directory Domain Listing Tool

ADtool is a neat tool to help you list all the machines that are part of an Active Directory driven domain or network.
It is intended to help pentesters and admins in their day to day work, there are some other tools that can accomplish the work for listing domain servers, but unfortunately all other tools [...]

LFT – Layer Four Traceroute and WhoB

LFT
LFT, short for Layer Four Traceroute, is a sort of ‘traceroute’ that often works much faster (than the commonly-used Van Jacobson method) and goes through many configurations of packet-filters (firewalls). More importantly, LFT implements numerous other features including AS number lookups through several reliable sources, loose source routing, netblock name lookups, et al.
What makes LFT [...]

THC-Hydra – The Fast and Flexible Network Login Hacking Tool

THC-Hydra rocks, it’s pretty much the most up to date and currently developed password brute forcing tool around at the moment.
It supports a LOT of services and protocols too.
Number one of the biggest security holes is passwords, as every password security study shows. Hydra is a parallelized login cracker which supports numerous protocols to attack. [...]

0-day Vulnerability Affects Solaris – Disable Telnet NOW!

Solaris is pwned by a similar vulnerability to one discovered on AIX systems in 1994.
Yes people that’s 13 years ago…and Sun are still vulnerable, as reported by SANS.
The following will give you root on a lot of Solaris systems:
telnet -l "-froot" [hostname]
Cool eh?

The Internet Storm Center is urging system administrators to disable or restrict telnet [...]

Cafepress.com Under Heavy DDoS Attack

Towards the end of last year Cafepress.com came under heavy DDoS attack (Distributed Denial of Service) which took it down for some time.
The problem with DDoS attacks is there’s not much you can do to prevent it, if that guy has enough zombies resulting in enough bandwidth, you are going down.
DDoS attacks have gotten pretty [...]

Odysseus Win32 Proxy & Telemachus HTTP Transaction Analysis

Introducing a pair of tools that go well together and give you some good control for HTTP transaction analysis and looking at the security of web applications.
Odysseus is a tool designed for testing the security of web applications.
Odysseus is a proxy server, which acts as a man-in-the-middle during an HTTP session. A typical HTTP proxy [...]

Hacking your $60 Router into a $600 Router

This is a bit of hacking in the original sense of the word, taking a $60 router and giving it the capabilities of something costing in the hundreds or thousands (enterprise level).

Of all the great DIY projects at this year’s Maker Faire, the one project that really caught my eye involved converting a regular old [...]

Router/Switch Default Password List Updated

The famous Phenoelit Default Password List has been updated, it’s been quite some time since an update.

http://www.phenoelit.de/dpl/dpl.html
This is a must have resource on your pen-drive and backed up offline somewhere for those important times when you need to know the login for a router/switch.

Technitium MAC Address Changer v4 (TMACv4) Released

Technitium MAC Address Changer v4 (TMACv4 C4) has been officially released.
Technitium MAC Address Changer allows you to change the Media Access Control (MAC) Address of your Network Interface Card (NIC) irrespective of your NIC manufacturer or its driver. It has a very simple user interface and provides ample information regarding each NIC in the machine. [...]

SIP Proxy – VoIP Security Testing Tool

SIP Proxy is an Open Source VoIP security test tool which has been developed by the students Philipp Haupt and Matthias Halimann during their diploma thesis and second student research project at the University of Applied Sciences Rapperswil.
With SIP Proxy you will have the opportunity to eavesdrop and manipulate SIP traffic. Furthermore, predefined security test [...]

Wep0ff – Wireless WEP Key Cracker Tool

Wep0ff is a new tool to crack a WEP key without access to the AP by mounting a fake access point attack against WEP-based wireless clients.
It uses a combination of fragmentation and evil twin attacks to generate traffic which can be used for KoreK-style WEP key recovery.
This tool can be used to mount a fake access point attack against WEP-based wireless clients.

This code tested [...]

SPIKE Proxy – Application Level Security Assessment

SPIKE Proxy is part of the SPIKE Application Testing Suite. It functions as an HTTP and HTTPS proxy, and allows the web developer or web application auditor low level access to the entire web application interface, while also providing a bevy of automated tools and techniques for discovering common problems. These automated tools include:

Automated SQL [...]

Nmapview – Graphical Interface (GUI) for Nmap on Windows

Finally a replacement for the way outdated and rather crappy NmapFE!
Unfortunately sometimes we do have to actually use Windows, and Nmap cleverly overcame the problems with raw sockets on Windows SP2 by using ATM frames instead, so it’s cool.
Now we just need a decent GUI so it fits into the whole scheme of things, and [...]

MTR – Traceroute on Steroids

MTR was written by Matt Kimball, with contributions by many people. Take a look at the “AUTHORS” file in the distribution. Roger Wolff took over maintenance of MTR in October 1998.
MTR combines the functionality of the ‘traceroute’ and ‘ping’ programs in a single network diagnostic tool.

As MTR starts, it investigates the network connection between the [...]

Cain & Abel – Download the Super Fast and Flexible Password Cracker with Network Sniffing

Cain & Abel is easily one of our favourite password crackers here at Darknet, especially because it’s oldskool but still under development, unlike most other projects which have been abandoned as time passed.
Cain & Abel has some awesome stuff built in like native network sniffing and network password grabbing.

Cain & Abel is a password recovery [...]

TXDNS 2.0.0 Released – DNS Digger for Brute Force

TXDNS 2.0.0 has been released.
TXDNS is a Win32 aggressive multithreaded DNS digger, capable of placing thousands of DNS queries per minute on the wire. TXDNS’s main goal is to expose a domain namespace through a number of techniques:

Typos
TLD rotation
Dictionary attack
Brute force

This new version features a distributed model which further boosts TXDNS’s parallelism and performance. This [...]

Skype Worm in the Wild – W32.Chatosky

A new worm is spreading fast on the Skype network, it’s activated by a malicious Skype Chat link and it has been seen in the wild in numerous places.
Apparently the dangerous link starts with “Check this!” pointing to a .org/.biz address, if you click the link you’ll become infected.
There have been no reports of unpatched [...]

SinFP 2.0.4 – OS Detection – Now Works On Windows

SinFP is a new approach to OS fingerprinting, which bypasses limitations that nmap has.
Nmap’s approach to fingerprinting has been shown to be efficient for years. Nowadays, with the omni-presence of stateful filtering devices, PAT/NAT configurations and emerging packet normalization technologies, its approach to OS fingerprinting is becoming obsolete.
SinFP uses the aforementioned limitations as a [...]

Hacking Tor – A Flaw Appears?

It seems finally someone has found a flaw in the way Tor works, a way to beat it and find out who is using the system.
Perhaps an end to the most anonymous system on the Internet?
I got this info fresh from SANS.

One of our readers sent in a very worrying analysis of what appeared to [...]

Vulnerability Assessment and Operational Security Testing Methodology (VAOST) – version 0.2 released

Here is a newly released VA methodology, the author believes it to be a more focused, and thus cost effective, VA process. It may map to internal work, but it is probably more suited to external sites.
It’s gone through a couple of revisions so it’s a bit more polished now.
You can find the notes on the [...]

Windows XP ToolBox

This is a very old article based on my tiny document “WinDOS tools” which was for a short while on Blackcode, before it was shut down… It was an article to impress my friends, but I found some useful stuff too when writing it… so let’s take a look at some “hidden” Windows XP programs…
MAC Address (getmac)
It seems [...]

Medusa Fast Parallel Password Cracker 1.3 Released

Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer. The goal is to support as many services which allow remote authentication as possible. The author considers the following items as some of the key features of this application:

Thread-based parallel testing. Brute-force testing can be performed against multiple hosts, users or passwords concurrently.
Flexible user [...]

Taof 0.1 Network Protocol Fuzzer Released

Taof is a GUI cross-platform Python generic network protocol fuzzer. It has been designed for minimizing set-up time during fuzzing sessions and it is especially useful for fast testing of proprietary or undocumented protocols.

Taof aids the researcher during the data retrieval process by providing a transparent proxy functionality that forwards and logs requests from a [...]

ARPWatch-NG ARP Flooding/Spoofing Protection/Detection

If you are paranoid about people ARP spoofing or flooding on your network you can use ARPWatch-NG. ARPWatch-NG is a continuation of the popular original ARPWatch from ftp://ftp.ee.lbl.gov/.
ARPWatch monitors MAC addresses on your network and writes them into a file; the last known timestamp and change notification are included.

It can be used to monitor for [...]

Echo Mirage – A Generic Network Proxy

Echo Mirage is a generic network proxy. It uses DLL injection and function hooking to redirect network related function calls so that data transmitted and received by local applications can be observed and modified.
Think of it as Odysseus (or Burp, if you prefer) that will proxy (almost) anything…

Windows encryption and OpenSSL functions are also hooked [...]

arp-sk – ARP Swiss Army Knife Tool

arp-sk is basically an ARP Traffic Generation Tool. It’s quite old but still very useful!
There are 2 basic modes:
– who-has: build a request ARP message.
– reply: build a reply ARP message (default)
Other advanced modes should come very soon
– arping: send a who-has to every host on the LAN to [...]
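The two arp-sk modes above (who-has and reply) and the ARPWatch-NG monitor described earlier are two sides of the same frame format, so one added example covers both. It is not code from either project: it builds Ethernet/ARP frames in memory the way arp-sk’s modes do, parses them back, and runs an arpwatch-style IP-to-MAC table over a constructed sequence of frames to raise the events arpwatch is known for (new station, changed ethernet address, flip flop). Nothing is put on the wire; the MAC and IP values are made up for the demo.

```python
"""ARP frame builder/parser plus an arpwatch-style change monitor.
Added example, not arp-sk or ARPWatch-NG code; all addresses are
constructed and no packets are sent."""
import struct
from collections import defaultdict

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"

def mac_bytes(mac):
    return bytes(int(x, 16) for x in mac.split(":"))

def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)

def ip_bytes(ip):
    return bytes(int(x) for x in ip.split("."))

def ip_str(b):
    return ".".join(str(x) for x in b)

def build_arp(op, sha, spa, tha, tpa, eth_src=None, eth_dst=None):
    """Ethernet II header + 28-byte ARP body (Ethernet/IPv4).
    eth_src normally equals sha; a traffic generator can make them differ,
    which is exactly what a monitor should flag."""
    if eth_dst is None:
        eth_dst = BROADCAST if op == ARP_REQUEST else tha
    eth = mac_bytes(eth_dst) + mac_bytes(eth_src or sha) + struct.pack("!H", ETH_P_ARP)
    body = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    body += mac_bytes(sha) + ip_bytes(spa) + mac_bytes(tha) + ip_bytes(tpa)
    return eth + body

def who_has(tpa, sha, spa):
    """'who-has' mode: broadcast request for tpa, target MAC zeroed."""
    return build_arp(ARP_REQUEST, sha, spa, ZERO_MAC, tpa)

def reply(spa, sha, tha, tpa, eth_src=None):
    """'reply' mode: unicast 'spa is-at sha' to tha/tpa."""
    return build_arp(ARP_REPLY, sha, spa, tha, tpa, eth_src=eth_src)

def parse_arp(frame):
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP hardware/protocol type")
    return {"op": op, "eth_src": mac_str(frame[6:12]),
            "sha": mac_str(frame[22:28]), "spa": ip_str(frame[28:32]),
            "tha": mac_str(frame[32:38]), "tpa": ip_str(frame[38:42])}

class ArpWatch:
    """ip -> (mac, last seen) table like arpwatch's database; reports
    new station, changed ethernet address, flip flop (reverting to an
    earlier MAC) and an Ethernet source that disagrees with the ARP sender."""
    def __init__(self):
        self.table = {}
        self.history = defaultdict(set)

    def observe(self, frame, ts):
        a = parse_arp(frame)
        ip, mac = a["spa"], a["sha"]
        events = []
        if a["eth_src"] != mac:
            events.append(("ethernet mismatch", ip, mac))
        prev = self.table.get(ip)
        if prev is None:
            events.append(("new station", ip, mac))
        elif prev[0] != mac:
            kind = "flip flop" if mac in self.history[ip] else "changed ethernet address"
            events.append((kind, ip, mac))
            self.history[ip].add(prev[0])
        self.table[ip] = (mac, ts)
        return events

def demo():
    """Constructed sequence: victim asks for the gateway, gateway answers,
    an attacker poisons the mapping (once with a forged Ethernet source),
    then the real gateway answers again."""
    gw, gw_mac = "10.0.0.1", "00:11:22:33:44:55"
    victim, victim_mac = "10.0.0.50", "aa:bb:cc:dd:ee:01"
    evil = "de:ad:be:ef:00:01"
    w = ArpWatch()
    frames = [who_has(gw, victim_mac, victim),
              reply(gw, gw_mac, victim_mac, victim),
              reply(gw, evil, victim_mac, victim),
              reply(gw, evil, victim_mac, victim, eth_src=gw_mac),
              reply(gw, gw_mac, victim_mac, victim)]
    events = []
    for ts, f in enumerate(frames):
        events.extend(w.observe(f, ts))
    return events

if __name__ == "__main__":
    for e in demo():
        print(*e)
```

The “ethernet mismatch” check is the cheap one real deployments forget: a forged reply whose Ethernet source is the legitimate gateway’s MAC still carries the attacker’s MAC in the ARP sender field, and the two should never disagree on an honest segment.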

Super Mega Wi-Fi Hacking Machine – Janus Project

Apart from the fact Janus is almost like Anus this is a very cool project.
Seriously this is really geeky stuff, but super cool.

If you think seeing a dozen wireless networks makes your computer the ultimate scanning box, think again. A small security firm has made a portable computer that is capable of scanning 300 networks [...]

Domain Stealing or How to Hijack a Domain

Please note this is an old technique again, just for learning purposes, learn how the old techniques worked and why they worked, then try and discover new ways to do things.
Summary
The sole purpose of the information contained in this advisory is to point out the flaws in InterNIC’s domain name handling system and is intended [...]

Impressive Open Source Intrusion Prevention – HLBR

It’s good to see work on open source tools in the countermeasure department as well as the attack and penetration arena.
It’s a shame that Snort and Nessus have gone semi-commercial.

I hope more people invest their time in good IDS, Firewall and IPS systems, I love things like IPCop and hope to see more products like HLBR.
HLBR [...]

Using the capture command in a Cisco Systems PIX firewall.

This is an excellent article you might find useful covering the use of the capture command in Cisco PIX firewalls.

A vital tool to use when troubleshooting computer networking problems and monitoring computer networks is a packet sniffer. That being said, one of the best methods to use when troubleshooting connection problems or monitoring suspicious network [...]

Brutus Password Cracker – Download brutus-aet2.zip AET2

A lot of people come to Darknet looking for Brutus AET2 (brutus-aet2.zip) to download, but unfortunately due to some stupid Homeland security bullshit I actually had to remove the file or risk having no hosting left..
If you don’t know, Brutus is one of the fastest, most flexible remote password crackers you can get your hands [...]

Remote Network Penetration via NetBios Hack/Hacking

These are basic techniques but very useful when penetration testing any Windows-based network; the techniques were discovered on Windows NT but are still very valid on Windows 2000 and in some cases Windows 2003 due to backwards compatibility.
This article is being written in a procedural manner. I have approached it much like an intruder would actually approach [...]

Anonymous Connections Over the Internet – Using Socks Chains Proxy Proxies

Introduction
This tutorial is an attempt to help you re-route all Internet Winsock applications in MS Windows through a SOCKS chain, thus making your connections much more anonymous.
Theory
The more different hops you make your data jump through, the more difficult it will be to trace it back. Take this [...]

TCPReplay suite 3.0.beta10. Released

Another good tool updated! TCPReplay suite 3.0.beta10 has been released.
For those that don’t know Tcpreplay is a suite of BSD licensed tools written by Aaron Turner for *NIX operating systems which gives you the ability to use previously captured traffic in libpcap format to test a variety of network devices. It allows you to classify [...]

BASE 1.2.6 Released (Basic Analysis & Security Engine)

We are happy to announce that the 1.2.6 (christine) release of the Basic Analysis and Security Engine (BASE) is available.

BASE is the Basic Analysis and Security Engine. It is based on the code from the Analysis Console for Intrusion Databases (ACID) project. This application provides a web front-end to query and analyze the alerts [...]

Hping 2 Fixed for Windows XP SP2 (Service Pack 2)

We are happy to announce that Hping 2 works with Windows XP again! Hping support on Windows was never that great.
Darknet is indeed a great fan of Hping! Glad to see it has overcome the Raw sockets problems Windows XP SP2 brought about.
hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired to [...]

IBM Accused of Hacking

This is actually a very important case depending on which way it goes.
It could become a landmark case in regards to liability for machines on your network, or actually any traffic originating from your IP range.

A boutique Washington, D.C.-based law firm is accusing IBM of hacking into its e-mail system and is seeking recourse.
The firm, [...]

Freeware MAC Address Changer – Technitium v3.1

I saw a Freeware MAC Address Changing tool today which I thought I’d share with you all, as I used to use SMAC, a nice tool, until the guy started charging for it!
Hopefully this one won’t go the same way.
Technitium MAC Address Changer, which allows you to change the Media Access Control (MAC) address of your [...]

Next Up – Hacking Nuclear Powerstations!

Now this is a scary thought: with the digitisation of the old analogue power stations and the accidental cross-over of networks (as we’ve seen before), people could soon be hacking nuclear power station control systems..

The nuclear power industry is going digital — replacing mechanical systems with more efficient, networked computer-controls.
If that makes you nervous in [...]

ARP Scanning and Fingerprinting Tool – arp-scan

NTA-Monitor has released the arp-scan detection and fingerprinting tool as open source (under the LGPL licence).
It has been tested under various Linux based operating systems and seems to work fine.
This will only compile on Linux systems. You will need a C compiler, the “make” utility and the appropriate system header files to compile arp-scan. It [...]

Shadowserver Battles the Botnets

Botnets are indeed a growing problem, we’ve seen serious cases of DDoS extortion, the most recent example would be the attacks against the ‘million dollar homepage’ and the problems it caused the owner.
Botnets have been used for quite some time as spam networks and mostly for script kiddies to have DoS wars on IRC networks, [...]

Web Services Attack Frequency Increasing

As we’ve reported a few times recently, more and more attacks are being aimed at web services such as Orkut, MySpace, eBay and others.

As more people turn to web applications for everyday tasks like e-mail, friendship and payments, cyber criminals are following them in search of bank account details and other valuable data, security researchers said.
Users [...]

Yersinia 0.7 Released with 802.1x Support – Layer 2 Attack Framework

Yersinia is a network tool designed to take advantage of some weaknesses in different network protocols. It aims to be a solid framework for analyzing and testing the deployed networks and systems.
It’s very useful for any network-based penetration testing or vulnerability assessment. There aren’t many tools working on Layer 2 and this is [...]

SinFP v2.00 Released – Next Generation OS Detection Tool

OS fingerprinting is an important part of any penetration test or hack as it allows you to focus your efforts a lot more efficiently when point testing, rather than throwing everything at a machine like a script kiddy would. So let’s introduce a new option, other than p0f and xprobe2.

SinFP uses the aforementioned limitations as a [...]

The Ultimate Net Monitoring Tool – Semantic Traffic Analyzer

Packet sniffing goes hi-tech? What’s wrong with Ethereal?
The equipment that technician Mark Klein learned was installed in the National Security Agency’s “secret room” inside AT&T’s San Francisco switching office isn’t some sinister Big Brother box designed solely to help governments eavesdrop on citizens’ internet communications.
Rather, it’s a powerful commercial network-analysis product with all sorts of [...]

SinFP – Next Generation OS Detection Tool

OS fingerprinting is an important part of any penetration test or hack as it allows you to focus your efforts a lot more efficiently when point testing, rather than throwing everything at a machine like a script kiddy would. So let’s introduce a new option, other than p0f and xprobe2.
SinFP is a new approach to OS [...]

The MIT IP Packet Spoofing Project – Can We Spoof IP Packets?

Now this is a VERY interesting project. As I’ve always said, the majority of DoS and DDoS attacks (90%+) could be stopped if all the ISPs null-routed packets which do NOT originate from IP blocks they own, i.e. spoofed packets.
Basically the project has been established to see if you can spoof IP packets [...]

Medusa Password Cracker Version 1.1 Now Available For Download

Medusa is a speedy, massively parallel, modular, login brute-forcer for network services created by the geeks at Foofus.net. It currently has modules for the following services: CVS, FTP, HTTP, IMAP, MS-SQL, MySQL, NCP (NetWare), PcAnywhere, POP3, PostgreSQL, rexec, rlogin, rsh, SMB, SMTP (VRFY), SNMP, SSHv2, SVN, Telnet, VmAuthd, VNC, and a generic wrapper module.

While Medusa [...]

Sealing Wafter – Defend Against OS Fingerprinting for OpenBSD

One way to defend against OS fingerprinting by tools such as nmap, queso, p0f, xprobe etc. is to change the metrics on which they base their analysis.
One way to do this on OpenBSD is to use Sealing Wafter.
Goals of Sealing Wafter:
1. To reduce OS detection based on well-known network stack behaviour fingerprints.
2. To have [...]

Security Cloak – Mask Against TCP/IP Fingerprinting for Windows

I’ve seen quite a lot of discussion lately on how to ‘defend against nmap’ or how to change the properties of your TCP/IP stack so your Windows OS appears to be something else (as in, you can guess the OS from the TTL value passed back in a TCP/IP packet).
One way you can do this [...]
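Both the Sealing Wafter and Security Cloak posts rest on the same idea: simple fingerprinters key on a few stack defaults, the initial TTL above all, so changing those defaults changes the answer. The following added example (not code from either tool) shows the crude passive inference that a TTL and TCP window size give an observer, what a host 12 hops away looks like before and after its defaults are altered, and the side effect that a non-standard TTL also corrupts the attacker’s hop-count estimate. The signature table is a small constructed subset, nothing like a full p0f or nmap database.

```python
"""Passive OS guessing from initial TTL and TCP window, and the effect
of changing those defaults. Added example, not Sealing Wafter or
Security Cloak code; SIGNATURES is a constructed subset for the demo."""

# Starting TTLs real stacks use; a packet seen with TTL 116 most likely
# started at 128 and crossed 12 routers.
INITIAL_TTLS = (32, 64, 128, 255)

# Constructed signatures: (initial TTL, TCP window) -> OS label.
SIGNATURES = {
    (64, 5840): "Linux 2.4/2.6",
    (64, 16384): "OpenBSD",
    (128, 65535): "Windows XP",
    (128, 16384): "Windows 2000",
    (255, 8760): "Solaris",
}


def infer_initial_ttl(observed_ttl):
    """Round the observed TTL up to the nearest well-known starting value."""
    for ttl in INITIAL_TTLS:
        if observed_ttl <= ttl:
            return ttl
    raise ValueError("TTL above 255")


def hop_count(observed_ttl):
    """Distance estimate that only holds if the sender used a standard TTL."""
    return infer_initial_ttl(observed_ttl) - observed_ttl


def guess_os(observed_ttl, window):
    return SIGNATURES.get((infer_initial_ttl(observed_ttl), window), "unknown")


def as_seen(initial_ttl, window, hops):
    """What a sniffer `hops` routers away observes from a host that sends
    with the given initial TTL and window."""
    if hops >= initial_ttl:
        raise ValueError("packet would expire before arrival")
    return initial_ttl - hops, window


def cloak_demo():
    """A Windows XP host 12 hops away, before and after it changes its
    default TTL to 64 and its window to 5840 (Linux-looking values).
    Returns (guess before, guess after, hop estimate after)."""
    before = as_seen(128, 65535, 12)
    after = as_seen(64, 5840, 12)
    return guess_os(*before), guess_os(*after), hop_count(after[0])


if __name__ == "__main__":
    print(cloak_demo())
    # A deliberately odd TTL (100) makes the observer think the host is
    # 40 hops away instead of 12.
    odd_ttl, _ = as_seen(100, 65535, 12)
    print(hop_count(odd_ttl))
```

On Windows the two values are the well-known `DefaultTTL` and `TcpWindowSize` entries under `HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters`; on OpenBSD the TTL is `sysctl net.inet.ip.ttl` (whether the tools in these posts set exactly these is not something the posts say). The caveat is that this only fools fingerprinters that stop at TTL and window: active tools like nmap also probe TCP option ordering, ISN behaviour and ICMP quirks, so changing two numbers buys little against them.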

SSL VPNs and OpenVPN – Part IV

4. Brief how-to …. creating multiple-client to single-site tunnels.
Example of using PKI to create a client-to-site VPN:
For a road warrior or roaming/multiple-user scenario, static-key based VPNs don’t scale well. You will need to implement a PKI if you have a hub-and-spoke VPN architecture.
From the OpenVPN.net website:
Static Key advantages

Simple [...]

SSL VPNs and OpenVPN – Part III

3. Brief how-to ….. OpenVPN and site-to-site tunnels.
OpenVPN can be implemented in either a site-to-site or a client-server model. I will take example configurations of both models.
If you want to implement a site-to-site configuration, the simplest way is to use static keys instead of PKI. Using static keys, you can have your VPN tunnel up and running in a jiffy.
First, [...]

SSL VPNs and OpenVPN – Part II

2. Why OpenVPN
Here, in this article, I will focus on one important open-source SSL VPN package, written by James Yonan with contributions from several others, which offers security without the inherent complexity of IPsec, using a trusted design for both the client component and the VPN server.
Usually VPNs require end points which are trusted. [...]

SSL VPNs and Using OpenVPN

Requirement: To connect to a VPN server in a different country.
Situation: A country which has proxies at every gateway.
Issues: IPsec-based VPNs are fussy when they cross networks which are NAT’ted/proxied. The Security Parameter Indexes don’t match and clients do not get connected.
Objective: To connect VPN server in a corporate network using [...]

Nmap 4.01 Released – New Features

Nmap (”Network Mapper”) is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts [...]

